CVE-2022-47937

9.8 CRITICAL

📋 TL;DR

This vulnerability in Apache Sling Commons JSON allows attackers to cause denial of service or potentially execute arbitrary code by sending specially crafted JSON input. It affects any system using the deprecated org.apache.sling.commons.json bundle, particularly Apache Sling-based applications and services.

💻 Affected Systems

Products:
  • Apache Sling Commons JSON bundle
Versions: All versions of org.apache.sling.commons.json bundle
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: This bundle has been deprecated since March 2017 but may still be in use in legacy systems.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Denial of service causing application crashes and service disruption.

🟢 If Mitigated: Minimal impact with proper input validation and network segmentation in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

CVSS 9.8 indicates critical severity with network access and no authentication required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: https://lists.apache.org/thread/sws7z50x47gv0c38q4kx6ktqrvrrg1pm

Restart Required: Yes

Instructions:

1. Remove the org.apache.sling.commons.json bundle from your system.
2. Migrate to the Apache Sling Commons Johnzon bundle or another supported JSON library.
3. Update all dependencies to use the new JSON library.
4. Restart affected services.

🔧 Temporary Workarounds

Input validation filter (applies to: all)

Implement strict input validation for JSON parsing to reject malformed input.

Network isolation (applies to: all)

Restrict network access to affected services using firewalls or network segmentation.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malformed JSON payloads
  • Monitor for abnormal JSON parsing errors and implement rate limiting

🔍 How to Verify

Check if Vulnerable:

Check if org.apache.sling.commons.json bundle is installed in your OSGi container or application dependencies

Check Version:

For OSGi: osgi:list | grep sling.commons.json

Verify Fix Applied:

Confirm org.apache.sling.commons.json bundle is removed and replaced with Apache Sling Commons Johnzon or another supported JSON library

📡 Detection & Monitoring

Log Indicators:

  • JSON parsing errors
  • Unexpected exceptions in JSON processing
  • Application crashes during JSON handling

Network Indicators:

  • Unusual JSON payloads in HTTP requests
  • Repeated malformed JSON submissions

SIEM Query:

source="*apache*" AND ("JSON parsing error" OR "org.apache.sling.commons.json" OR "JSONException")
